use iframe for oembed - untrusted content

Friendika 2011-10-24 20:10:46 -07:00
parent 790c4a4e1a
commit 1a7badb405
2 changed files with 23 additions and 3 deletions


@ -19,8 +19,7 @@ function tryoembed($match){
if ($o->type=="error") return $match[0]; if ($o->type=="error") return $match[0];
$html = oembed_format_object($o); $html = oembed_format_object($o);
return oembed_iframe($html,$o->width,$o->height);
return $html;
} }
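Review bot: `$o->width` and `$o->height` are read unconditionally in the new return line of tryoembed, yet the oEmbed format only requires those fields for photo, video and rich responses, so a link-type response would raise an undefined-property notice before oembed_iframe falls back to its defaults. Guarding the reads avoids that, e.g. `return oembed_iframe($html, isset($o->width) ? $o->width : 0, isset($o->height) ? $o->height : 0);`. The same applies to `$j->width` / `$j->height` in oembed_replacecb in the second file. tryoembed starts above this hunk, so how `$o` is validated before this point is not visible here.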


@ -1,8 +1,12 @@
<?php <?php
function oembed_replacecb($matches){ function oembed_replacecb($matches){
logger('oembedcb');
$embedurl=$matches[1]; $embedurl=$matches[1];
$j = oembed_fetch_url($embedurl); $j = oembed_fetch_url($embedurl);
return oembed_format_object($j); $s = oembed_format_object($j);
return oembed_iframe($s,$j->width,$j->height);
} }
@ -102,6 +106,23 @@ function oembed_format_object($j){
return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret)); return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret));
} }
function oembed_iframe($src,$width,$height) {
if(! $width || strstr($width,'%'))
$width = '640';
if(! $height || strstr($height,'%'))
$height = '300';
// try and leave some room for the description line.
$height = intval($height) + 80;
$width = intval($width) + 40;
$s = 'data:text/html;base64,' . base64_encode('<html><body>' . $src . '</body></html>');
return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
}
function oembed_bbcode2html($text){ function oembed_bbcode2html($text){
$stopoembed = get_config("system","no_oembed"); $stopoembed = get_config("system","no_oembed");
if ($stopoembed == true){ if ($stopoembed == true){
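Review bot: The iframe tag returned by the new oembed_iframe carries no `sandbox` attribute, so the isolation of the untrusted oEmbed HTML rests entirely on how the viewing browser assigns an origin to a `data:` document. In a browser that lets a data: frame inherit the embedding page's origin, provider markup would run with the site's own privileges. Adding `sandbox="allow-scripts"` (without `allow-same-origin`) makes the separation explicit where the attribute is supported, e.g. ending the tag with `'" frameborder="no" sandbox="allow-scripts" >'`. Separately, the `logger('oembedcb');` line added to oembed_replacecb looks like leftover debugging output and could be dropped.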